×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Comments

top

Multiple Manufacturers Push Hydrogen Fuel Cell Cars, But Can They Catch Tesla?

DrXym Re:It has nothing to do with the part counts (275 comments)

That's marvellous if you are along the corridor of chargers. Not so marvellous for the vast number of people who aren't. Or who can't afford a Tesla.

It's not hard to envisage every gas station having chargers some day (or diners / supermarkets / convenience stores who want to attract business while vehicles charge). That day is still some way off.

yesterday
top

Android Botnet Evolves, Could Pose Threat To Corporate Networks

DrXym Re:Root Your Device? (54 comments)

I guess someone would have to tell us how to detect it, or something else equally helpful to actually PREVENT this threat. Warnings are pointless without a plan.

Just google for "free antivirus and sexy girl screensaver APK". Lots of Chinese warez sites have it. The app asks for a lot of permissions but only to see if there are viruses hiding in your text messages or contacts.

5 days ago
top

Firefox Signs Five-Year Deal With Yahoo, Drops Google as Default Search Engine

DrXym Re:Ba Da ... (394 comments)

It's one thing to not default search to Google, but it would be another entirely to remove it from the list. As I don't run Mint, I'm assuming you mean the latter by "actively prevent". Even Mint can't use the standard Firefox branding or search plugin (perhaps it has an affiliate id in out), there are other ones which would work.

5 days ago
top

Launching 2015: a New Certificate Authority To Encrypt the Entire Web

DrXym Fix the problem properly (210 comments)

Let sites create their own keys and sign them (or not) by anyone they feel like. This could include CAs but equally it could include other sites they do business with to build a web of trust. And the browser should use SSL observatory to compare and cache these keys and present a simple checklist of what protection the site has against attack, its level of trust etc.

The existing model is broken by the fact that CAs are not always trustworthy, the certs they issue to most sites are worthless as tokens of trust and the whole mechanism is a tax on security. It needs all browser makers to knock heads and make CAs for security an optional thing. Yes some sites like banks or whatever might want to pay some CA to audit their security procedures for storing a cert. For most sites it's complete overkill.

about a week ago
top

Elite: Dangerous Dumps Offline Single-Player

DrXym Re:Buyer Beware (472 comments)

This Kickstarter stuff isn't very well regulated...

A fool and their money are soon parted. I've yet to see a single kickstarter that would justify me giving a single penny to it. Most of them are glorified preorders - "give us money now and in a year or two we might deliver a product you can have for a small discount off its eventual retail price". No thanks.

about a week ago
top

HTML5: It's Already Everywhere, Even In Mobile

DrXym Re:The wait was unnessesary (133 comments)

Typescript is similar to Actionscript and compiles down to Javascript. You can do stuff like interfaces, classes, inheritance, compile time typechecking etc. My experience of Typescript is the language is okay but developing it is painful because the tools are awful, particularly for someone coming from a place like Java where IDEs will give instant feedback on errors, code completion, formatting etc. Even stuff like ordering of classes can break the JS even when the TS compiles perfectly.

I would agree with the sentiment that people who think JS (or HTML5) is some panacea for Flash are idiots. Flash was hated primarily because it was TOO popular - sites abused the fuck out of it and multi tabbed browsers sagged under the weight of so many running instances. If JS is abused the same way the performance would be just as bad.

JS is often considered the problem, not the solution to web development. This is why coffeescript, typescript et al exit. Plus a raft of JS libraries like jquery, backbone, underscore, phantom, handlebars etc. to hide the differences or provide basic niceties that JS lacks. Plus the likes of dart, emscripten, GWT and so on which bury JS completely and spit out compiled JS. Plus the recognition from browsers that JS performance sucks and the optimization paths they've implemented (e.g. asm.js). That said, we're almost in a place where 95% of the use cases for Flash are probably achievable in JS. Personally I wish browsers would adopt PNaCl or something similar so code can be compiled and run at near native speeds - skip JS as an intermediate format when it doesn't make sense and just let sites ship bitcode.

about a week ago
top

Ars Dissects Android's Problems With Big Screens -- Including In Lollipop

DrXym In fairness (103 comments)

That left / right split swipe in Android 4 felt wrong and looked pretty stupid especially for someone familiar with the behaviour on a smaller device.

about a week ago
top

Assassin's Creed: Unity Launch Debacle Pulls Spotlight Onto Game Review Embargos

DrXym Don't preorder (473 comments)

A lot of money is riding on a game release. They cost millions to produce and market and delaying could cost millions more. A game would have to be seriously broken to be delayed.

So it's unsurprising that Ubisoft pushed it out the way it was. If they announced a delay, they'd lose out on seasonal sales, their preorders would be decimated and it would affect their quarterly figures. So they pushed out something with some serious bugs and performance issues and used an embargo to prevent bad press until after all those preorders were fulfilled. I'm sure they'll get around to fixing the worst of the bugs, but people have been sold a lemon.

As consumers, there is a clear lesson to be learned here - do not preorder. Do not reward companies who use hype and lies to promote a game that may not live up to expectations. If a game is THAT AMAZING, then it'll still be so in a week or two after release when consensus is formed. And if it isn't... well that's €60+ you've saved for a better game.

about two weeks ago
top

Pirate Bay Co-Founder Peter Sunde Is a Free Man Again

DrXym Re:Same thing in the US (356 comments)

I don't believe that to be true beyond what you might get from shifting from one food source to another - some temporary effects to your gut. And besides if she affected her health by not eating then it is in her interest to start again even if that means gradual reintroduction and abstinence again when circumstances allowed for it.

about two weeks ago
top

Pirate Bay Co-Founder Peter Sunde Is a Free Man Again

DrXym Re:Same thing in the US (356 comments)

So the meat was cooked and consumed anyway? What's the point of that if she ends up affecting her own health?

about two weeks ago
top

Flaw in New Visa Cards Would Let Hackers Steal $1M Per Card

DrXym Re:Well... no. (126 comments)

It seems like it would be pretty trivial for someone working at a store to disconnect it from the internet at will.

And it would be pretty trivial for the credit card company and police to notice thefts all occurring from this one shop and rain fire down on their asses.

about three weeks ago
top

Ask Slashdot: Can You Say Something Nice About Systemd?

DrXym Re:It freakin' works fine (928 comments)

Gah second para was supposed to say - if 'a' is_less_than c AND c is_less_than 'z' then ischar = 1' as an example of where EBCDIC would break horribly and it only gets worse with stuff like rot13, crypto etc.. Slashdot gobbled up the less thans and truncated that sentence.

about three weeks ago
top

Ask Slashdot: Can You Say Something Nice About Systemd?

DrXym Re:It freakin' works fine (928 comments)

ASCII digits aren't much harder to use for BCD than EBCDIC. In ASCII the digits would be 0011NNNN and in EBCDIC they're 1111NNNN as binary. Assuming you masked off the top 4 bits it would be the same code to do BCD with either.

Aside from digits, EBCDIC is infamous for it's bizarro alphabet layout which wasn't contiguous so code patterns like "if 'a' I suspect the EBCDIC only existed because IBM being IBM couldn't countenance interoperability with other systems and therefore tried to ringfence and enforce its own format.

about three weeks ago
top

Google To Disable Fallback To SSL 3.0 In Chrome 39 and Remove In Chrome 40

DrXym Re:StartSSL, DANE, Perspectives (70 comments)

TL;DR: Install Perspectives if you want to use an unknown CA.

It's not a case of installing anything. It requires a whole new secure protocol that browsers support out of the box.

Broken by StartSSL, which provides personal use certificates without charge.

It's still a CA and it's demonstrative of the uselessness of a CA in the first place. The cert makes a scary box go away nothing more. Even if its free (in money) it's still an onerous task in time and effort to obtain a cert. And with my tinfoil hat on, why should I trust an operation in Israel to generate a trustworthy certificate for my site? It's not the first time a CA has been compromised and issued phony certs for MITM attacks.

I have my own problems with PGP's assumption of transitive trust. Just because you can vouch for someone's identity doesn't mean you can vouch for that person's ability to correctly vouch for others' identities.

True but it still has the potential to build more meaningful trust to a site than a CA can. e.g. Red Hat could sign Ubuntu's site and vice versa and they could sign various Linux user groups and so forth. Just like happens with PGP keys. It's more meaningful than some random CA and far harder compromise especially if browsers cache keys and signatories or look them up in SSL observatory.

about three weeks ago
top

Ask Slashdot: Can You Say Something Nice About Systemd?

DrXym Re:It freakin' works fine (928 comments)

People had a holy war in support EBCDIC?

about three weeks ago
top

Ask Slashdot: Can You Say Something Nice About Systemd?

DrXym I can say something nice (928 comments)

I've not had any issues with it and my machine starts faster. It works. Most of the objections to it appear to boil down to personality and philosophical issues rather than whether it is technically sound, e.g. the way the devs interact with the kernel devs, or whether it's too close to the way services work in Windows.

Having read the myths page I largely believe it was the right thing to do. Linux is a living operating system and sometimes it has to be dragged kicking and screaming away from things that may have been acceptable in 1990 but not when going against other modern operating systems. Wayland is another ongoing example of that and I'm sure that once it becomes the default choice in some dists that we'll see people being extremely vocal about that too.

about three weeks ago
top

Denmark Plans To Be Coal-Free In 10 Years

DrXym Re:Breaking the stranglehold of other countries (332 comments)

Britain is encouraging solar and wind but it's amazing the opposition that some people (nitwits mostly) have to these forms of generation. Parties like UKIP actively oppose renewable energy.

about three weeks ago
top

Denmark Plans To Be Coal-Free In 10 Years

DrXym Re:Breaking the stranglehold of other countries (332 comments)

Presumably biomass would become more valuable if power stations created a demand for farmers to raise their prices. It's also not the only way it could be created. Anyway, wind is not the only renewable - there is hydro, solar, geothermal etc. The fluctuations probably become more predictable with scale and you might find a region the size of Europe is able to build interconnectors to meet supply with demand.

about three weeks ago
top

Google To Disable Fallback To SSL 3.0 In Chrome 39 and Remove In Chrome 40

DrXym Re:Pros and Cons (70 comments)

How is providing a base level of encryption less private or less secure then sending something in plaintext simply because the other end hasn't paid a fee to a third party?

Exactly. The whole concept of a certifying authority is fundamentally broken. It's just a tax on security. If I'm a bank or merchant then it might be worth paying a CA a lot of money to come and verify I am who I say and how I store and control access to my cert. But the standard signature that most sites obtain is worse than fucking useless. At most it might verify my credit card or my fake id. It's just a tax and the net result plain text is the default.

Sites should be able to use unsigned keys for basic encryption. Sites should also be able to sign each other's keys and build a web of trust. Finally if they absolutely must they can get a CA to sign it. Just like with PGP. There are disadvantages to unsigned certs in that they don't stop man in the middle but browsers cache keys and participate in SSL observatory so that visitors to sites still have some measure of assurance that the key is being manipulated.

Browsers could also present the security of a web of trust in a reasonable way as a checklist or traffic light system. Encrypts traffic (green tick); Protects from casual eavesdropping (green tick); Protects against man in the middle attacks (red cross); Signed by someone you trust (red cross) etc.

The current system is just dumb and I'd hope that somebody, be it Mozilla, Google or whomever would roll out something better that does away with the need for a CA or forgo all encryption.

about three weeks ago

Submissions

top

GNOME Shell extensions are live

DrXym DrXym writes  |  more than 2 years ago

DrXym (126579) writes "GNOME Shell has been criticized for certain shortcomings when compared to GNOME 2.x. Chief amongst them was that 2.x offered panel applets whereas 3.x is seemingly lacking any such functionality. What most people don't know is that GNOME Shell has a rich extension framework similar to Mozilla Firefox add-ons and the official site to install extensions has gone live. So if you yearn for an application menu, or a dock, or a status monitor then head on over. Extensions can be installed with a few clicks and removed just as easily.

Someone should offer a prize to the first extension that implements Unity and global menus over GNOME Shell. Perhaps it would convince Ubuntu to switch over and end this spat once and for all."

Link to Original Source
top

Warner going Blu Ray exclusive

DrXym DrXym writes  |  more than 6 years ago

DrXym (126579) writes "Engadget are reporting that Warner is going to go Blu-Ray exclusive. Even though I am a Blu-Ray supporter myself this announcement is shocking since it could easily have gone the other way. It drives a stake into the heart of the HD DVD camp and might mean at last that an end is in sight for HD physical format war."
top

SCO stock takes a dump

DrXym DrXym writes  |  more than 7 years ago

DrXym (126579) writes "The SCO ball of twine keeps unravelling. Following the total disintegration of their legal case on Friday, SCO's stock took a pounding today falling a whopping 70%. That puts SCOX well and truly into NASDAQ delisting territory, assuming they last the 120 days required to be removed. So long SCO, we hardly knew ye."
top

DrXym DrXym writes  |  more than 8 years ago

DrXym (126579) writes "Remember that stuff about the PS3 supporting Linux? Well it's true as as this press release from Yellow Dog Linux shows. PS3 owners will be able to install Yellow Dog Linux 5.0 which includes standard Linux apps such as Firefox 1.5.0, OpenOffice 2.0 as standard. Interestingly it also includes a Cell SDK and Enlightenment E17 for the desktop experience. What remains to be seen is whether it plays nice alongside your ability to play games, download stuff, watch movies etc. or is it an all or nothing affair?"

Journals

DrXym has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?